Clickjacking Vulnerability in IBM Spectrum Copy Data Management
CVE-2021-39054

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Copy Data Management
Vendor: CVE Published:; 13 December 2021

Summary

IBM Spectrum Copy Data Management versions 2.2.13 and earlier are susceptible to a clickjacking vulnerability that allows a remote attacker to manipulate a victim's click actions. Through social engineering techniques that lure the victim to a malicious website, the attacker can effectively hijack the web interface, leading to unauthorized actions that may compromise the victim's security. This vulnerability emphasizes the importance of web security and user awareness in preventing exploitation.

Affected Version(s)

Spectrum Copy Data Management 2.2.13

References

https://www.ibm.com/support/pages/node/6525554

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/214525

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2021
Vulnerability Reserved
Aug 16, 2021